From a03a7df24dbb6bf4a92261922f9cf4df55da175b Mon Sep 17 00:00:00 2001
From: David Marchand <david.marchand@redhat.com>
Date: Thu, 21 Nov 2024 12:01:33 +0100
Subject: [PATCH] github: Skip clang-analyze when reference generation fails.

By assuming that OVS maintainers never push changes that breaks
compilation in GHA (which seems to be the case so far), it seems natural
to assume that generating the reference for clang analyzer should always
work.

If generating this reference fails, it means that this failure is likely
due to a change external to OVS code, but the patch being tested is not
at fault for this even though at the moment a failure will be reported
in patchwork.

Split the clang analyzer check in two jobs:
- a clang-cache job, responsible for computing a cache key of the
  reference code and compiling a reference build,
- a clang-analyzer job, which depends on the former job, responsible for
  compiling the current patch and comparing the result against the
  reference,

The cache generation won't be reported as a failure at the OVS build step
(using continue-on-error:). If such a failure happens, the cache-analyzer
will be skipped.

With this split, some cleanups can be done:
- a shallow git clone is enough for the reference generation,
- the reference generation can be built in the current directory,

Fixes: d662eee09724 ("ci: Add clang-analyze to GitHub actions.")
Signed-off-by: David Marchand <david.marchand@redhat.com>
---
 .ci/linux-build.sh                   | 12 +---
 .github/workflows/build-and-test.yml | 85 +++++++++++++++++++++-------
 2 files changed, 67 insertions(+), 30 deletions(-)

diff --git a/.ci/linux-build.sh b/.ci/linux-build.sh
index 8cdccef2797..0355dd5390b 100755
--- a/.ci/linux-build.sh
+++ b/.ci/linux-build.sh
@@ -56,27 +56,19 @@ function build_ovs()
 
 function clang_analyze()
 {
-    [ -d "./base-clang-analyzer-results" ] && cache_build=false \
-                                           || cache_build=true
-    if [ "$cache_build" = true ]; then
-        # If this is a cache build, proceed to the base branch's directory.
-        pushd base_ovs_main
-    fi;
-
     configure_ovs $OPTS
 
     make clean
     scan-build -o ./clang-analyzer-results -sarif --use-cc=${CC} make ${JOBS}
 
-    if [ "$cache_build" = true ]; then
+    if [ ! -d "./base-clang-analyzer-results" ]; then
         # Move results, so it will be picked up by the cache.
         mv ./clang-analyzer-results ../base-clang-analyzer-results
-        popd
     else
         # Only do the compare on the none cache builds.
         sarif --check note diff ./base-clang-analyzer-results \
                                 ./clang-analyzer-results
-    fi;
+    fi
 }
 
 if [ "$DEB_PACKAGE" ]; then
diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml
index 6501f23d263..bb61dd9fc64 100644
--- a/.github/workflows/build-and-test.yml
+++ b/.github/workflows/build-and-test.yml
@@ -336,7 +336,7 @@ jobs:
         name: logs-linux-${{ join(matrix.*, '-') }}
         path: logs.tgz
 
-  build-clang-analyze:
+  build-clang-cache:
     needs: build-dpdk
     env:
       dependencies: |
@@ -345,16 +345,14 @@ jobs:
       CC:   clang
       DPDK: dpdk
       CLANG_ANALYZE: true
-    name: clang-analyze
+    name: clang-cache
+    outputs:
+      key: ${{ steps.cache_key.outputs.key }}
+      outcome: ${{ steps.build_base.outcome }}
     runs-on: ubuntu-24.04
     timeout-minutes: 30
 
     steps:
-    - name: checkout
-      uses: actions/checkout@v4
-      with:
-        fetch-depth: 0
-
     - name: get base branch sha
       id: base_branch
       env:
@@ -387,13 +385,9 @@ jobs:
           fi
         fi
 
-    - name: checkout base branch
-      env:
-        BASE_SHA: ${{ steps.base_branch.outputs.sha }}
-      run: |
-        cp -r $(pwd)/. /tmp/base_ovs_main && mv /tmp/base_ovs_main ./
-        cd $(pwd)/base_ovs_main
-        git checkout ${BASE_SHA}
+    - name: checkout
+      uses: actions/checkout@v4
+      ref: ${{ steps.base_branch.outputs.sha }}
 
     - name: update PATH
       run: |
@@ -405,7 +399,7 @@ jobs:
       run: |
         ver=$(${CC} -v 2>&1 | grep ' version ' | \
               sed 's/.*version \([0-9]*\.[0-9]*\.[0-9]*\).*/\1/g')
-        echo "key=${CC}-${ver}-analyze-$(git -C base_ovs_main rev-parse HEAD)" \
+        echo "key=${CC}-${ver}-analyze-$(git rev-parse HEAD)" \
           >> $GITHUB_OUTPUT
 
     - name: check for analyzer result cache
@@ -416,35 +410,86 @@ jobs:
         key:  ${{ steps.cache_key.outputs.key }}
 
     - name: set up python
+      if: steps.clang_cache.outputs.cache-hit != 'true'
       uses: actions/setup-python@v5
       with:
         python-version: ${{ env.python_default }}
 
     - name: get cached dpdk-dir
-      uses: actions/cache/restore@v4
+      if: steps.clang_cache.outputs.cache-hit != 'true'
+      uses: actions/cache@v4
       with:
         path: dpdk-dir
         key:  ${{ needs.build-dpdk.outputs.dpdk_key }}
 
     - name: update APT cache
+      if: steps.clang_cache.outputs.cache-hit != 'true'
       run:  sudo apt update || true
 
     - name: install common dependencies
+      if: steps.clang_cache.outputs.cache-hit != 'true'
       run:  sudo apt install -y ${{ env.dependencies }}
 
     - name: prepare
+      if: steps.clang_cache.outputs.cache-hit != 'true'
       run:  ./.ci/linux-prepare.sh
 
     - name: build base reference
+      id: build_base
       if: steps.clang_cache.outputs.cache-hit != 'true'
+      continue-on-error: true
       run:  ./.ci/linux-build.sh
 
-    - name: save cache
-      uses: actions/cache/save@v4
-      if: steps.clang_cache.outputs.cache-hit != 'true'
+  build-clang-analyze:
+    needs: [build-dpdk, build-clang-cache]
+    if: >
+        needs.build-clang-cache.outputs.outcome == 'success' ||
+        needs.build-clang-cache.outputs.outcome == 'skipped'
+    env:
+      dependencies: |
+        automake bc clang-tools libnuma-dev libunbound-dev libunwind-dev \
+        libssl-dev libtool libxdp-dev llvm-dev
+      CC:   clang
+      DPDK: dpdk
+      CLANG_ANALYZE: true
+    name: clang-analyze
+    runs-on: ubuntu-24.04
+    timeout-minutes: 30
+
+    steps:
+    - name: checkout
+      uses: actions/checkout@v4
+
+    - name: update PATH
+      run: |
+        echo "$HOME/bin"        >> $GITHUB_PATH
+        echo "$HOME/.local/bin" >> $GITHUB_PATH
+
+    - name: check for analyzer result cache
+      uses: actions/cache@v4
       with:
         path: base-clang-analyzer-results
-        key:  ${{ steps.cache_key.outputs.key }}
+        key:  ${{ needs.build-clang-cache.outputs.key }}
+
+    - name: set up python
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ env.python_default }}
+
+    - name: get cached dpdk-dir
+      uses: actions/cache@v4
+      with:
+        path: dpdk-dir
+        key:  ${{ needs.build-dpdk.outputs.dpdk_key }}
+
+    - name: update APT cache
+      run:  sudo apt update || true
+
+    - name: install common dependencies
+      run:  sudo apt install -y ${{ env.dependencies }}
+
+    - name: prepare
+      run:  ./.ci/linux-prepare.sh
 
     - name: build
       run:  ./.ci/linux-build.sh